#!/bin/bash
# shellcheck disable=SC2034
{{- $DEFAULT_ACMESH_DNS_API_CONFIG := fromYaml (coalesce $.Env.ACMESH_DNS_API_CONFIG "") }}
{{- if $DEFAULT_ACMESH_DNS_API_CONFIG }}
    {{- "\n" }}declare -A DEFAULT_ACMESH_DNS_API_CONFIG=(
    {{- range $key, $value := $DEFAULT_ACMESH_DNS_API_CONFIG }}
        {{- "\n\t" }}['{{ $key }}']='{{ $value }}'
    {{- end }}
    {{- "\n" }})
{{- end }}


LETSENCRYPT_CONTAINERS=(
{{ $orderedContainers := sortObjectsByKeysDesc $ "Created" }}
{{ range $_, $container := whereExist $orderedContainers "Env.LETSENCRYPT_HOST" }}
    {{ if trim $container.Env.LETSENCRYPT_HOST }}
        {{ if parseBool (coalesce $container.Env.LETSENCRYPT_SINGLE_DOMAIN_CERTS "false") }}
            {{/* Explicit per-domain splitting of the certificate */}}
            {{ range $host := split $container.Env.LETSENCRYPT_HOST "," }}
                {{ $host := trim $host }}
                {{- "\n\t" }}'{{ printf "%.12s" $container.ID }}_{{ sha1 $host }}' # {{ $container.Name }}, created at {{ $container.Created }}
            {{ end }}
        {{ else }}
            {{/* Default: multi-domain (SAN) certificate */}}
            {{- "\n\t" }}'{{ printf "%.12s" $container.ID }}' # {{ $container.Name }}, created at {{ $container.Created }}
        {{ end }}
    {{ end }}
{{ end }}
)

{{ range $hosts, $containers := groupBy $ "Env.LETSENCRYPT_HOST" }}
    {{ $hosts := trimSuffix "," $hosts }}
    {{ range $container := $containers }}
        {{/* Trim spaces and set empty values on per-container environment variables */}}
        {{ $KEYSIZE := trim (coalesce $container.Env.LETSENCRYPT_KEYSIZE "") }}
        {{ $STAGING := trim (coalesce $container.Env.LETSENCRYPT_TEST "") }}
        {{ $EMAIL := trim (coalesce $container.Env.LETSENCRYPT_EMAIL "") }}
        {{ $CA_URI := trim (coalesce $container.Env.ACME_CA_URI "") }}
        {{ $ACME_CHALLENGE := trim (coalesce $container.Env.ACME_CHALLENGE "") }}
        {{ $ACMESH_DNS_API_CONFIG := fromYaml (coalesce $container.Env.ACMESH_DNS_API_CONFIG "") }}
        {{ $PREFERRED_CHAIN := trim (coalesce $container.Env.ACME_PREFERRED_CHAIN "") }}
        {{ $OCSP := trim (coalesce $container.Env.ACME_OCSP "") }}
        {{ $EAB_KID := trim (coalesce $container.Env.ACME_EAB_KID "") }}
        {{ $EAB_HMAC_KEY := trim (coalesce $container.Env.ACME_EAB_HMAC_KEY "") }}
        {{ $ZEROSSL_API_KEY := trim (coalesce $container.Env.ZEROSSL_API_KEY "") }}
        {{ $RESTART_CONTAINER := trim (coalesce $container.Env.LETSENCRYPT_RESTART_CONTAINER "") }}
        {{ $PRE_HOOK := trim (coalesce $container.Env.ACME_PRE_HOOK "") }}
        {{ $POST_HOOK := trim (coalesce $container.Env.ACME_POST_HOOK "") }}
        {{ $cid := printf "%.12s" $container.ID }}
        {{- "\n" }}# Container {{ $cid }} ({{ $container.Name }})
        {{ if parseBool (coalesce $container.Env.LETSENCRYPT_SINGLE_DOMAIN_CERTS "false") }}
            {{/* Explicit per-domain splitting of the certificate */}}
            {{ range $host := split $hosts "," }}
                {{ $host := trim $host }}
                {{ $host := trimSuffix "." $host }}
                {{ $hostHash := sha1 $host }}
                {{- "\n" }}LETSENCRYPT_{{ $cid }}_{{ $hostHash }}_HOST=('{{ $host }}')
                {{- "\n" }}LETSENCRYPT_{{ $cid }}_{{ $hostHash }}_KEYSIZE="{{ $KEYSIZE }}"
                {{- "\n" }}LETSENCRYPT_{{ $cid }}_{{ $hostHash }}_TEST="{{ $STAGING }}"
                {{- "\n" }}LETSENCRYPT_{{ $cid }}_{{ $hostHash }}_EMAIL="{{ $EMAIL }}"
                {{- "\n" }}ACME_{{ $cid }}_{{ $hostHash }}_CA_URI="{{ $CA_URI }}"
                {{- "\n" }}ACME_{{ $cid }}_{{ $hostHash }}_CHALLENGE="{{ $ACME_CHALLENGE }}"
                {{- if $ACMESH_DNS_API_CONFIG }}
                    {{- "\n" }}declare -A ACMESH_{{ $cid }}_{{ $hostHash }}_DNS_API_CONFIG=(
                    {{- range $key, $value := $ACMESH_DNS_API_CONFIG }}
                        {{- "\n\t" }}['{{ $key }}']='{{ $value }}'
                    {{- end }}
                    {{- "\n" }})
                {{- end }}
                {{- "\n" }}ACME_{{ $cid }}_{{ $hostHash }}_PREFERRED_CHAIN="{{ $PREFERRED_CHAIN }}"
                {{- "\n" }}ACME_{{ $cid }}_{{ $hostHash }}_OCSP="{{ $OCSP }}"
                {{- "\n" }}ACME_{{ $cid }}_{{ $hostHash }}_EAB_KID="{{ $EAB_KID }}"
                {{- "\n" }}ACME_{{ $cid }}_{{ $hostHash }}_EAB_HMAC_KEY="{{ $EAB_HMAC_KEY }}"
                {{- "\n" }}ZEROSSL_{{ $cid }}_{{ $hostHash }}_API_KEY="{{ $ZEROSSL_API_KEY }}"
                {{- "\n" }}LETSENCRYPT_{{ $cid }}_{{ $hostHash }}_RESTART_CONTAINER="{{ $RESTART_CONTAINER }}"
                {{- "\n" }}ACME_{{ $cid }}_{{ $hostHash }}_PRE_HOOK="{{ $PRE_HOOK }}"
                {{- "\n" }}ACME_{{ $cid }}_{{ $hostHash }}_POST_HOOK="{{ $POST_HOOK }}"
            {{ end }}
        {{ else }}
            {{/* Default: multi-domain (SAN) certificate */}}
            {{- "\n" }}LETSENCRYPT_{{ $cid }}_HOST=( 
                    {{- range $host := split $hosts "," }}
                        {{- $host := trim $host }}
                        {{- $host := trimSuffix "." $host }}
                        {{- "\n\t" }}'{{ $host }}'
                    {{- end }}
            {{- "\n" }})
            {{- "\n" }}LETSENCRYPT_{{ $cid }}_KEYSIZE="{{ $KEYSIZE }}"
            {{- "\n" }}LETSENCRYPT_{{ $cid }}_TEST="{{ $STAGING }}"
            {{- "\n" }}LETSENCRYPT_{{ $cid }}_EMAIL="{{ $EMAIL }}"
            {{- "\n" }}ACME_{{ $cid }}_CA_URI="{{ $CA_URI }}"
            {{- "\n" }}ACME_{{ $cid }}_CHALLENGE="{{ $ACME_CHALLENGE }}"
            {{- if $ACMESH_DNS_API_CONFIG }}
                {{- "\n" }}declare -A ACMESH_{{ $cid }}_DNS_API_CONFIG=(
                {{- range $key, $value := $ACMESH_DNS_API_CONFIG }}
                    {{- "\n\t" }}['{{ $key }}']='{{ $value }}'
                {{- end }}
                {{- "\n" }})
            {{- end }}
            {{- "\n" }}ACME_{{ $cid }}_PREFERRED_CHAIN="{{ $PREFERRED_CHAIN }}"
            {{- "\n" }}ACME_{{ $cid }}_OCSP="{{ $OCSP }}"
            {{- "\n" }}ACME_{{ $cid }}_EAB_KID="{{ $EAB_KID }}"
            {{- "\n" }}ACME_{{ $cid }}_EAB_HMAC_KEY="{{ $EAB_HMAC_KEY }}"
            {{- "\n" }}ZEROSSL_{{ $cid }}_API_KEY="{{ $ZEROSSL_API_KEY }}"
            {{- "\n" }}LETSENCRYPT_{{ $cid }}_RESTART_CONTAINER="{{ $RESTART_CONTAINER }}"
            {{- "\n" }}ACME_{{ $cid }}_PRE_HOOK="{{ $PRE_HOOK }}"
            {{- "\n" }}ACME_{{ $cid }}_POST_HOOK="{{ $POST_HOOK }}"
        {{ end }}
    {{ end }}
{{ end }}
